From 2397de7d1d5a2617b9a72e087d4514c7203a3e21 Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Sun, 29 Dec 2013 16:55:56 +0000
Subject: [PATCH] allow specifying nsCertType in config

---
 cam/ca.py                | 2 +-
 cam/templates/ext_config | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/cam/ca.py b/cam/ca.py
index a19835f..f8a202f 100644
--- a/cam/ca.py
+++ b/cam/ca.py
@@ -169,7 +169,7 @@ class CA(object):
             csr_file = os.path.join(tmpdir, '%s.csr' % cert.name)
             conf_file = os.path.join(tmpdir, '%s.conf' % cert.name)
             ext_file = os.path.join(tmpdir, '%s-ext.conf' % cert.name)
-            conf = {}
+            conf = {'usage': 'client, server'}
             conf.update(self.config)
             conf['cn'] = cert.cn
             conf['days'] = cert.days or self.config['default_days']
diff --git a/cam/templates/ext_config b/cam/templates/ext_config
index 596e406..486c087 100644
--- a/cam/templates/ext_config
+++ b/cam/templates/ext_config
@@ -1,5 +1,5 @@
 basicConstraints        = CA:false
-nsCertType              = client, server
+nsCertType              = %(usage)s
 keyUsage                = nonRepudiation, digitalSignature, keyEncipherment
 extendedKeyUsage        = clientAuth, serverAuth
 subjectKeyIdentifier    = hash
-- 
2.20.1